Ethical Hacking, Penetration Testing & Computer Security

Archive | Network Hacking

masscan is the fastest TCP port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second. It produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous transmission. The major difference is that it’s faster than these […]

BurpSentintel is a plugin for Burp Intercepting Proxy, to aid and ease the identification of vulnerabilities in web applications. Searching for vulnerabilities in web applications can be a tedious task. Most of the time consists of inserting magic chars into parameters, and looking for suspicious output. Sentinel tries to automate parts of this laborous task. […]

This is a pretty interesting story, and an interesting use (or mis-use) of cloud resources. We’ve covered similar stuff before like the case when Yahoo! was Spreading Bitcoin Mining Botnet Malware Via Ads, and then more recently when the Pirated ‘Watch Dogs’ Game Made A Bitcoin Mining Botnet. But this time it’s not malware based, […]

This was a pretty interesting piece of news for me last week as I was actually affected by it (I think?). It’s an XML Quadratic Blowup Attack that affects both WordPress and Drupal and is quite serious as rather than just crashing the software, it can take down the whole server. It didn’t completely take […]

A new version of HoneyDrive, HoneyDrive 3 has been released codenamed Royal Jelly, Honeypots in a box is a great concept if you want to deploy a honeypot quickly without too much hassle. HoneyDrive is the premier honeypot Linux distro. It is a virtual appliance (OVA) with Xubuntu Desktop 12.04.4 LTS edition installed. It contains […]

clipcaptcha is an extensible and signature based CAPTCHA Provider impersonation tool based off Moxie Marlinspike’s sslstrip codebase, which we mentioned back in 2009 – SSLstrip – HTTPS Stripping Attack Tool. Depending on its mode of operation it may approve, reject or forward the CAPTCHA verification requests. It maintains an easy to edit XML configuration file […]

So it looks like Microsoft has been a little heavy handed in this case, the case of dynamic DNS provider No-IP serving up malware. I would imagine most of us have utilised a dynamic DNS service at some point to map a dynamic IP address to a memorable domain. It seems that malware folks have […]

NINJA-PingU (NINJA-PingU Is Not Just A Ping Utility) is a free open-source high performance network scanner tool for large scale analysis. It has been designed with performance as its primary goal and developed as a framework to allow easy plugin integration. Essentially it’s a high performance, large scale network scanner, the likes of which we […]

While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for […]

Introduction So the Internet has been exploding this week due to the Heartbleed Bug in OpenSSL which effects a LOT of servers and websites and is being hailed by some as the worst vulnerability in the history of the Internet thus far. The main info on the bug can be found at http://heartbleed.com/. In basic […]